Do you have more than one Twitter or WhatsApp account? If you answered yes, do you want to log in to these multiple accounts at the same time? Up until this point, logging in to multiple social media accounts at one time has only been possible by using more than one mobile device. Dual Instance is a technique that allows you to run more than one instance of a mobile application simultaneously. As we know, it never takes malware authors long to catch on to new trends, so cybercriminals have recently taken it upon themselves to create malicious versions of Dual Instance apps.
Assuming you have installed the original Twitter app on your mobile device, it’s impossible to install a second copy of Twitter unless it’s a counterfeit. However, if you have a piece of newly discovered malware installed, you’re able to download another original instance of Twitter’s authentic application on your device and log in with another account. As with all malware, though, this comes at a price.
This malware, which we’ll refer to as ‘Dual Instance’ malware from this point on, was captured from an online chat group in China. Due to some special policies, some foreign websites, including Twitter, could not be directly accessed in China’s mainland. Since requests for access do arise from time to time, this malware’s author came up with the idea of developing a “modified” Twitter app (not the original application, nor an illegal version) that allows users to log in to Twitter without any special configuration, such as a VPN.
What is Dual Instance, anyway?
As stated above, Dual Instance makes it possible for users to log in to and run multiple instances of mobile applications on the same device. While it’s possible to find legitimate dual instance apps in app stores, there are also malicious apps that offer the same service and steal user credentials while doing so. As implied by its name, Dual Instance malware uses the technique to run the aforementioned modified version of Twitter on your device. Dual Instance is another kind of sandbox or virtualization: it simulates the most necessary components of Android’s system framework needed to start an app. When the sandbox is used to start an app, it takes over most of the work of starting the new app’s process. As a result, a new instance becomes a reality. Let’s have a deeper look at this malware to see what makes it tick:
Firstly, Dual Instance malware forges a certificate that looks just like the real one from Twitter.
The Twitter app’s legitimate certificate is also listed below.
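As an added example (not code from the original article or from the malware), this is one way a defender can tell a look-alike signer certificate from the genuine one: compare the SHA-256 fingerprint of the whole certificate, not the names it displays. It assumes "looks just like" means the subject name fields were copied; the sample certificates, the publisher name and all function names are constructed for illustration.

```python
import hashlib

def tlv(tag, body):  # minimal DER encoder, used only to build the constructed samples
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def elements(buf):
    """Split DER bytes into (raw encoding, body) pairs of consecutive elements."""
    out, pos = [], 0
    while pos < len(buf):
        start, first = pos, buf[pos + 1]
        pos += 2
        n = first
        if first & 0x80:                          # long-form length
            n = int.from_bytes(buf[pos:pos + (first & 0x7F)], "big")
            pos += first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((buf[start:pos + n], buf[pos:pos + n]))
        pos += n
    return out

def subject_name(cert_der):
    """Raw DER of the subject Name inside an X.509 certificate."""
    tbs_body = elements(elements(cert_der)[0][1])[0][1]
    fields = [raw for raw, _ in elements(tbs_body)]
    skip = 1 if fields[0][0] == 0xA0 else 0       # optional [0] version field
    return fields[skip + 4]                       # serial, sigAlg, issuer, validity, subject

def check_signer(cert_der, pinned_der):
    """Classify an APK signer certificate against the pinned publisher certificate."""
    if hashlib.sha256(cert_der).digest() == hashlib.sha256(pinned_der).digest():
        return "match"
    same_names = subject_name(cert_der) == subject_name(pinned_der)
    return "look-alike" if same_names else "different"

def sample_cert(cn, key):  # constructed stand-in: dummy key bytes and dummy signature
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))
    dates = tlv(0x30, tlv(0x17, b"200101000000Z") + tlv(0x17, b"400101000000Z"))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01") + alg + name + dates + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + hashlib.sha256(tbs).digest()))

PINNED = sample_cert(b"Example Publisher", b"\x11" * 64)      # known-good (constructed)
LOOKALIKE = sample_cert(b"Example Publisher", b"\x22" * 64)   # same names, different key
OTHER = sample_cert(b"Someone Else", b"\x33" * 64)
```

On a real APK, `apksigner verify --print-certs` prints the signer certificate's SHA-256 digest, which is the value to compare against the publisher's known one.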